Posts by A. Chris Turner

There are many ways to explain how Google operates and scans websites to include in the search index. Most SEOs uses the idea of physical spiders, buckets (great for the discussion of link juice too), and schematics. One website article that offers a great deep dive into how crawling works and how businesses can make use of their own tools to index web content/data is Connotate. In the article, Targeted Web Data Extraction – The Right Choice When the Data Matters, Connotate’s team explains how data is gathered by crawlers, scrapers, and applications that is then used by businesses, like Google, to provide insight, answer questions, or offer information associated with a key concept. The Difference Between Web Crawling and Web Data Extraction (Web Scraping) Web crawling is done by software called spiders: They go directly to a URL and locate information: The words from the source code are targeted and indexed before being added to a database. Subsequently, all the hyperlinks on the page are followed and added to the database. For the full article, visit...

With so much happening in the world with businesses, regulations, and consumer engagement, it was only a matter of time before Google began working on ways to expand it’s reach (and revenue) through SMBs. Google+ was one of the first foray into these types of efforts, beyond Google Local and Google My Business. Google Hire By now, you likely heard about Google Hire or Hire with Google. This function is now enabled and allows job seekers to find available job posts right in the search results. Are career placement services, staffing services, and job search tools a thing of the past? No, of course not. Concierge career services help both businesses and job seekers connect, often taking on the role of hiring manager or talent agent. Google is not going to operate in this capacity. The hiring application is really a job posting solution for businesses. Google acquired Bebop, a startup focused on productivity and enterprise tools, in 2015, that is the backbone–we believe–of this functionality. The tool isn’t fully active yet but offering to let you sign up for announcements at hire.withgoogle.com. Google Posts Via Google My Business Access to the Google Posts is found in Google My Business. Enabled accounts should show a “Posts” option for your business listing(s). The posts can be from 100-300 words, feature for images, videos, and GIFs like most social media updates but Google Post will only display the first 100 words of your Post (ref. RevLocal, Google Apps). Posts appear directly in Google search results, as such they are extremely quick to load. Business posts can contain a status update (similar to something you’d post on social media) or an image. Some appear as a carousel of images and text; searchers can use right and left arrows to scroll through the post contents. Despite what some outlets are saying about these updates (looking at you SEL), these changes are inline with Google’s business model and desire to focus on business. Why should Facebook, LinkedIn, and other social platforms have all the social fun? The concern however, with these and other changes like AMP, are that Google is taking content from the businesses, websites, and references. Historically, the search engine facilitated traffic reaching the content on the site’s of the content owner. SEL and others worry that as Google continues to use content, resources, and details from publishers, users won’t reach the properties themselves, reducing the value of organic for these businesses. The Wrapper The concern is valid, but ultimately, Google can’t be every business, provide every product, solve all the problems. Is it right that they play intermediary? No, not really, but in the end, users and consumers reach the answers to their queries by finding the businesses that can help them through a mixture of digital solutions, to include...

If you’re stumbling across this post, you’ve likely been researching the latest events to hit the digital world, ransomware. Namely the WannaCry and the Petya ransomware attacks. I’ll spare the fluff and get into the meat. We thought it would be good to craft an article to help educated our clients and teams on what these threats really are. Although these types of attacks don’t directly impact search platforms, they have ramifications that impact several systems that are all interconnected; from healthcare to banks and financial institutions. As the term “ransomware” implies, these attacks encrypt vital systems and computer data to prevent users from accessing the information. The only remedy is to pay for the system to be decrypted by the same party that encrypted the computer or wipe the system clean. According to many cybersecurity experts, these malware attacks are only the beginning of a growing trend that proactive measures can help stem. How Did This Happen? Malware, ransomware, oh my! They all have the same mission, disrupt with the goal of generating funds to illicit individuals using their computer talents for ‘evil.’ As no one knows what they are really doing with the funds these efforts generate, we can only assume they are up to nefarious no-good with the ransoms or bot network generated revenue. With WannaCry and Petya, the vulnerabilities were identified in Microsoft and Microsoft Office operations. WannaCry (also known as Wanna Decrypt0r) leveraged an operating system vulnerability in outdated versions of the Microsoft operating system, including Windows XP, Windows 8, and Windows Server 2003 (ref. Fortified Health Security). And, although Microsoft had put a patch out for the vulnerability, some major organizations, such as the National Health Service, neglected to update, and were hit on May 12th. Petya (also known as Goldeneye and Petwrap) struck the European and Russian areas early today, quickly spreading through systems of networks worldwide, even as far as Australia. With Petya, the system made use of a Microsoft Office vulnerability (again, patched earlier this year CVE-2017-0199) and once it found it’s in, it altered the Master Boot Record. What made this ransomware even more dangerous is it’s ability to use the data on a networked computer to log into other networked computers and propagate further. Where Did These Infections Come From?! No one knows just yet. However, based on the code architecture and the way both of these malware attacks operate, it is known that they are built from knowledge gained from the National Security Agency leak of cyber tools. The NSA connection is based on programmed vulnerability, an exploit called EternalBlue, that would give the agency access to systems using the compromised programming. Worser still, there could be other programs waiting in the wings or mining data right now… (ref. The Verge). The Wrapper If you’ve been impacted, nothing less than a full factory restart will do. Having regular and secure offline backups is always a good plan. There are several methods for performing backups online as well. For enterprises, there are several resources focused on preventing and being proactive, offering do’s and don’ts with malware/ransomware. The best thing to do is either get a Mac or make sure your computers are updated regularly. Sh!+ will inevitably hit the fan, it’s unpreventable. Being prepared is always step zero. Backing up is step one....

For those SEOs in the audience, you are likely aware of the sad news, but for those just getting started or unaware, Google has killed the keyword planner used by so many in their keyword estimations, research, and planning. Okay, “killed” is a bit strong but damn it, we need some inside data, GOOGLE! What Actually Changed Well, data is still being provided in Google Keyword Planner, but the keyword data isn’t isolated to exact-match of the keyword(s) entered anymore. In a RankBrain world, relevance matters, so the keyword planner now offers a consolidated search volume for similar, variations, and close synonyms of keywords. This update went into practice at the end of June, beginning of July. Over the course of the month, some users also experienced error messages stating: To use Keyword Planner, you need to have at least one active campaign. If you have an active campaign and are still seeing this message, try reloading Keyword Planner in a few minutes. Although, Google contradicted this messaging when users responded and questioned Google on social media. @recalibrate@jenstar@rustybrick@pedrodias To clarify, you do not need an active campaign to use the Keyword Planner. (2) — Google AdWords (@adwords) June 27, 2016 But I digress. The keyword planner, when using it to gather keyword data and find new keywords, the system gives the same volume for search variants. RankBrain does the same thing from an organic search perspective; hence the expected correlation between the two. Here is the example all us SEOs are using (usually just SEO vs Search Engine Optimization): What should be noted in the example above is that the competition, bid, and other segments appear to still align with specific keywords. The Good, The Bad, and The Workaround Is this a sign that [not provided] is coming to Adwords too?! Will Google limit the number of keywords users can evaluate? Will we feeble marketers need to sacrifice young animals to obtain data from the Google gods? No, no, and hopefully not. That isn’t to say that we know everything Google has planned or up their sleeves but indications are that this change aligns well with organic search; where ads are meant to appear. Remember, Google isn’t a charity and the planner is meant to be used for paid media efforts–with Google. Although we love the tool and use it in a number of areas, not just for Adwords campaigns, that is its purpose. We can’t fault Google for aligning their tools together. So, how do you get some sweet, specific keyword average search volumes? Currently, the workaround is to use the budget planner (within the keyword tool) to get that data. In the “Plan your budget and get forecasts” block, you can specify the match type, targeting, and parameters. From there, the tool will provide daily forecast for the keywords entered. Depending on the match type, CPC bid, and budget you will see details for the clicks, impressions, cost, CTR, average CPC, and average position. In previous posts, we talked about pricing SEO, well, here is how you do some of that work. Make sure the move the selector to the plateau on the chart and open up the keyword group to see the specifics. Again, this update to the keyword planner and this workaround align well with Google’s strategy for organic search quality and personalization along with connecting paid media deeper to the overall strategy and search experience. The Wrapper The purpose of Google’s Keyword Planner is to help marketers market things. They (Google) wouldn’t want to hurt their bottomline by taking away the ability...

If you’ve been in the IT industry for a few years, then you’ve had the wonderful experience of dealing with hackers. Whether it’s a small, simple hack into your theme to mess with your links to a larger infiltration to takeover your website, hacks are a common occurrence and one every website faces. ChocolateSEO is no different. Although we’ve been safe since our inception in 2012, our strong run was marred recently by a mid-level hack that crashed our hosting and lead to the hackers being able to verify ownership of C.SEO in Google Search Console. There are different types of attacks, Denial of Service (DoS), PHP injection, brute force, and many others. For us, the attack started with a PHP injection following brute force attacks on our login screen. The goal was to erase any existing content, setup aliases to spam URLs using “chocolateseo.com” and submit a faulty sitemap to Google using the ChocolateSEO’s Google Search Console account. The “fake” sitemap contained over 1,000 spam URLs and was very well formatted. Real slick there smooth… By having the GSC setup properly, we were alerted immediately that someone had been verified as an owner of the account (using an HTML file). As no one else was recently added to the staff, this was a very red flag. Not to mention the email, ful56675@gmail.com, being unfamiliar to the team. However, scouring the site, we couldn’t find any files matching the HTML file used to verify this gmail address. Once we finished chatting with the hosting company and pulling server logs, changing all MySQL and website passwords; our co-founder, Savannah, was able to locate this wonderful little code in our blog header PHP file. In short, this cool but evil little code generates a page dynamically to match any verification page Google may request. The dark side of PHP… Now, the issue was that when we evaluated files, the modification dates on the files hadn’t been changed recently, so our first scans missed this change in our core file. After consulting sites like, SecurityWeek and Sucuri, we needed a solution that would check the website (and our clients’ sites) against the known repository versus checking the last modification dates. The solution we chose was WordFence based on the recommendations of a few good friends of C.SEO. The Wrapper Everyone knows that WP and PHP have their weak points, but offer a lot of great functionality. Eventually, we all hit snags like this. Being prepared and having some type of prevention are always a necessity in the IT world. For most websites, high-level encryption, RSA tokens, and secondary-verification may be a bit of overkill. But, having strong passwords, regular backups, file version controls, and programs that block login page attacks are all easy ways to avoid issues like the one we faced this past week. And to the blackhaters… use your powers for good. Not sure if they are really based in China, but according to Whois, they are, and they are just trying to make a yen–but there are better ways to do that then attacking little guys trying to make an honest...